CVE Tracker

CVE ID	Severity	EPSS	Vendor	Description	Date	Status
CVE-2022-22963	High	94.5%	VMware TanzuSpring Cloud	When using routing functionality in VMware Tanzu's Spring Cloud Function, it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.	Aug 25, 2022	KEV
CVE-2020-5410	High	94.3%	VMware TanzuSpring Cloud Configuration (Config) Server	Spring, by VMware Tanzu, Cloud Config contains a path traversal vulnerability that allows applications to serve arbitrary configuration files.	Mar 25, 2022	KEV
CVE-2018-1273	High	94.3%	VMware TanzuSpring Data Commons	Spring Data Commons contains a property binder vulnerability which can allow an attacker to perform remote code execution.	Mar 25, 2022	KEV

CVE-2022-22963KEV

High

When using routing functionality in VMware Tanzu's Spring Cloud Function, it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.

VMware TanzuEPSS 94.5%

CVE-2020-5410KEV

High

Spring, by VMware Tanzu, Cloud Config contains a path traversal vulnerability that allows applications to serve arbitrary configuration files.

VMware TanzuEPSS 94.3%

CVE-2018-1273KEV

High

Spring Data Commons contains a property binder vulnerability which can allow an attacker to perform remote code execution.

VMware TanzuEPSS 94.3%